FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- format string vulnerability

Affected packages
libxine < 1.1.0_1

Details

VuXML ID 3bc5691e-38dd-11da-92f5-020039488e34
Discovery 2005-10-08
Entry 2005-10-09

Gentoo Linux Security Advisory reports:

Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents.

An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code.
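The bug class described above, shown from the defensive side as an added example: this is not code from xine-lib or from either advisory, and `SAMPLE_RESPONSE`, `cddb_field`, `count_conversions` and `format_status_line` are hypothetical names. It assumes the server data arrives as `KEY=value` lines such as `DTITLE`, and shows untrusted text being passed only as an argument to a fixed format string.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample record: the DTITLE value carries printf conversions. */
static const char SAMPLE_RESPONSE[] =
    "DISCID=00000000\n"
    "DTITLE=Artist %x%x / 100%% Title %n\n"
    "TTITLE0=Track one\n";

/* Copy the value of `key` into out; -1 if the key is absent or too long. */
int cddb_field(const char *resp, const char *key, char *out, size_t outlen) {
    size_t klen = strlen(key);
    while (*resp) {
        size_t len = strcspn(resp, "\n");          /* length of this line */
        if (len > klen && resp[klen] == '=' && strncmp(resp, key, klen) == 0) {
            size_t vlen = len - klen - 1;
            if (vlen >= outlen) return -1;         /* refuse to truncate */
            memcpy(out, resp + klen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        resp += len + (resp[len] == '\n');         /* step to the next line */
    }
    return -1;
}

/* Count conversion specifiers in untrusted text, for logging or alerting. */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++)
        if (*s == '%') {
            if (s[1] == '%') s++;                  /* "%%" is a literal percent */
            else n++;
        }
    return n;
}

/* Hardened form: the format string is a constant and the title is data.
 * The vulnerable form would be snprintf(out, outlen, title). */
int format_status_line(char *out, size_t outlen, const char *title) {
    return snprintf(out, outlen, "Now playing: %s", title);
}

int main(void) {
    char title[128], status[160];
    if (cddb_field(SAMPLE_RESPONSE, "DTITLE", title, sizeof title) != 0) return 1;
    printf("conversions in DTITLE: %d\n", count_conversions(title));
    format_status_line(status, sizeof status, title);
    puts(status);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about the non-literal format string in the vulnerable form.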

References

CVE Name CVE-2005-2967
URL http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml
URL http://xinehq.de/index.php/security/XSA-2005-1